Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          mpDa2h0ggL+yjP5/urdm5KoIoSzxC4+T6vOyZdPkmRE=
Subject key identifier:   05:9E:BB:0E:94:E6:C1:34:A6:86:61:19:6E:2B:C4:00:49:D7:4C:9D
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       01976A0613716D8BCB1F40BFC843CF155A08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          041A
Signing time:             Fri 13 Jun 2025 16:01:12 +0000
Manifest this update:     Fri 13 Jun 2025 16:01:12 +0000
Manifest next update:     Sat 14 Jun 2025 16:01:12 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: pXn6iiGEtt9kIv1W8PyJF6XD4Sw+5MbRtYIzB6ynpPE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 13:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6a:06:13:71:6d:8b:cb:1f:40:bf:c8:43:cf:15:5a:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Jun 13 16:01:12 2025 GMT
            Not After : Jun 14 16:01:12 2025 GMT
        Subject: CN=059ebb0e94e6c134a68661196e2bc40049d74c9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:49:5e:ff:03:44:86:3f:74:28:f3:b4:21:49:
                    9f:9c:16:73:8a:6a:b4:a1:f0:fe:fb:1c:4a:3e:1d:
                    aa:29:1f:34:0a:0f:09:62:2d:35:ee:bf:5c:c1:bb:
                    99:1f:63:6e:e6:20:a6:51:30:3a:28:6d:7c:ef:8d:
                    d4:43:6b:a3:14:5e:fc:e3:ff:39:3f:5b:d2:7b:e3:
                    4e:32:1c:9d:06:e7:4b:8f:51:2c:78:65:06:76:92:
                    b0:3d:47:35:c8:4d:4f:09:c4:0a:ab:ec:77:b0:ca:
                    72:06:f1:07:56:14:d0:b9:19:92:00:68:96:ea:73:
                    30:df:dc:64:f9:4b:c6:98:53:10:43:f1:01:9f:ce:
                    73:8d:2d:71:b2:e3:a7:64:1c:c3:b5:d0:5d:b3:61:
                    6d:7f:18:e3:c6:7e:db:93:57:87:ce:14:51:f7:2d:
                    2f:ed:f8:60:d3:b8:5c:13:d7:28:5c:d3:09:d9:64:
                    c6:b0:2a:68:af:ae:5b:15:25:49:66:d0:21:ba:2e:
                    c9:8c:ce:00:11:ee:2f:d2:bd:29:2d:85:5a:fa:d8:
                    fc:91:30:ca:06:28:14:ab:c0:0a:53:11:89:89:2d:
                    4d:86:ec:44:70:bb:c2:ea:9f:5c:b3:7d:a0:7f:db:
                    61:fe:76:8c:30:d9:40:21:a7:4d:2c:5d:1e:4c:dc:
                    42:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:9E:BB:0E:94:E6:C1:34:A6:86:61:19:6E:2B:C4:00:49:D7:4C:9D
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a9:f3:bb:31:41:21:e5:1b:00:a9:82:cc:ae:5c:16:10:5f:88:
         d7:36:ca:1d:ba:1d:37:cb:43:f9:91:15:4e:06:46:09:94:a0:
         76:b1:19:bf:49:f1:3f:5b:22:58:75:56:04:1a:cc:df:6a:0f:
         aa:6f:99:51:9e:d2:c9:f2:6e:08:91:ca:db:23:5e:0e:18:2b:
         07:f5:08:e7:01:a9:35:aa:0d:55:d6:0d:29:0b:cb:e4:62:27:
         17:df:dd:2e:0e:b5:87:2b:3f:50:9e:5a:cb:3d:28:82:f4:64:
         4a:fe:fa:7a:00:ba:74:8b:aa:b7:38:c6:f6:eb:d1:f2:84:9d:
         46:05:50:0b:25:af:a5:34:0f:d1:eb:25:a5:d3:77:9c:a7:f3:
         ab:b0:10:c5:69:4d:86:ba:4c:78:9f:a4:63:3f:7d:24:b8:4d:
         6e:31:31:4a:a1:23:62:3d:6e:7a:67:a6:a1:e9:2a:40:01:f5:
         f9:78:ea:ff:4f:29:0d:fe:21:35:58:94:c4:31:0b:36:1a:41:
         37:ab:26:62:2b:51:2d:f2:27:c7:d5:f3:db:ef:41:aa:5c:a8:
         ea:e7:7f:79:eb:3a:0d:7e:2b:61:9c:02:22:1c:b7:a2:8a:0c:
         3b:15:84:93:81:ff:04:eb:f4:59:39:ac:23:86:0a:44:02:91:
         5c:e8:8c:11
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZdqBhNxbYvLH0C/yEPPFVoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwNjEzMTYwMTEyWhcNMjUwNjE0MTYwMTEyWjAzMTEwLwYDVQQD
EygwNTllYmIwZTk0ZTZjMTM0YTY4NjYxMTk2ZTJiYzQwMDQ5ZDc0YzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUle/wNEhj90KPO0IUmfnBZzimq0
ofD++xxKPh2qKR80Cg8JYi017r9cwbuZH2Nu5iCmUTA6KG18743UQ2ujFF784/85
P1vSe+NOMhydBudLj1EseGUGdpKwPUc1yE1PCcQKq+x3sMpyBvEHVhTQuRmSAGiW
6nMw39xk+UvGmFMQQ/EBn85zjS1xsuOnZBzDtdBds2Ftfxjjxn7bk1eHzhRR9y0v
7fhg07hcE9coXNMJ2WTGsCpor65bFSVJZtAhui7JjM4AEe4v0r0pLYVa+tj8kTDK
BigUq8AKUxGJiS1NhuxEcLvC6p9cs32gf9th/naMMNlAIadNLF0eTNxCSQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAWeuw6U5sE0poZhGW4rxABJ10ydMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAqfO7MUEh
5RsAqYLMrlwWEF+I1zbKHbodN8tD+ZEVTgZGCZSgdrEZv0nxP1siWHVWBBrM32oP
qm+ZUZ7SyfJuCJHK2yNeDhgrB/UI5wGpNaoNVdYNKQvL5GInF9/dLg61hys/UJ5a
yz0ogvRkSv76egC6dIuqtzjG9uvR8oSdRgVQCyWvpTQP0eslpdN3nKfzq7AQxWlN
hrpMeJ+kYz99JLhNbjExSqEjYj1uememoekqQAH1+Xjq/08pDf4hNViUxDELNhpB
N6smYitRLfInx9Xz2+9Bqlyo6ud/ees6DX4rYZwCIhy3oooMOxWEk4H/BOv0WTms
I4YKRAKRXOiMEQ==
-----END CERTIFICATE-----